|
|
|
|
@ -105,7 +105,7 @@ $command = $connection->createCommand('UPDATE tbl_post SET status=1 WHERE id=1')
|
|
|
|
|
$command->execute(); |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
Alternatively the following syntax is possible: |
|
|
|
|
Alternatively the following syntax that takes care of proper table and column names quoting is possible: |
|
|
|
|
|
|
|
|
|
```php |
|
|
|
|
// INSERT |
|
|
|
|
@ -130,6 +130,29 @@ $connection->createCommand()->update('tbl_user', array(
|
|
|
|
|
$connection->createCommand()->delete('tbl_user', 'status = 0')->execute(); |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
Quoting table and column names |
|
|
|
|
------------------------------ |
|
|
|
|
|
|
|
|
|
If you are building query string dynamically make sure you're properly quoting table and column names using |
|
|
|
|
[[\yii\db\Connection::quoteTableName()]] and [[\yii\db\Connection::quoteColumnName()]]: |
|
|
|
|
|
|
|
|
|
```php |
|
|
|
|
$column = $connection->quoteColumnName($column); |
|
|
|
|
$table = $connection->quoteTableName($table); |
|
|
|
|
$sql = "SELECT COUNT($column) FROM $table"; |
|
|
|
|
$rowCount = $connection->createCommand($sql)->queryScalar(); |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
Alternatively you can use special syntax when writing SQL: |
|
|
|
|
|
|
|
|
|
```php |
|
|
|
|
$sql = "SELECT COUNT({{$column}}) FROM [[$table]]"; |
|
|
|
|
$rowCount = $connection->createCommand($sql)->queryScalar(); |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
In the code above `{{X}}` will be converted to properly quoted column name while `[[Y]]` will be converted to properly |
|
|
|
|
quoted table name. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Prepared statements |
|
|
|
|
------------------- |
|
|
|
|
|
Alexander Makarov
12 years ago